Introduction
WLC 4400 web authentication DNS queries are sent from the management interface.
Core Issue
Before authentication, a web authentication client's Domain Name Server (DNS) queries go out over the management port on the 4400, instead of going out over the client's dynamic interface.
Resolution
This issue is documented in Cisco bug ID CSCsc68105 - 4400 Web Auth DNS queries are being sent from the mgmt interface.
The login page should appear when a wireless client opens a browser and enters the URL of the desired page. The URL must contain a site name that has to be resolved through DNS, because the DNS resolution is what triggers the redirection to the login page, either on the controller or on an external server. If the browser's homepage requires DNS resolution, that resolution triggers the redirect as soon as the browser is opened, which makes the process appear seamless.
The workaround is to make sure that the management interface has routes to and from the DNS server. The controller handles routing between the management interface and the dynamic interface the guest WLAN is bound to on its own.
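Added example (not Cisco's code and not part of the original note): a Python check over a capture taken on the controller's trunk port that counts guest-client DNS queries appearing on the management VLAN, which is the symptom described above. The VLAN ID, subnets, DNS server address and capture lines are constructed, and the check assumes the query keeps the client's source address.

```python
import ipaddress
import re
from collections import Counter

# Hypothetical site values; replace with your own.
MGMT_VLAN = 10                                      # management interface VLAN
GUEST_NET = ipaddress.ip_network("10.20.0.0/24")    # guest dynamic interface subnet
DNS_SERVER = ipaddress.ip_address("10.1.1.53")

# Constructed sample lines in `tcpdump -e -n` style (802.1Q trunk capture).
SAMPLE = """\
12:00:01.000001 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype 802.1Q (0x8100), length 82: vlan 10, p 0, ethertype IPv4, 10.20.0.57.51514 > 10.1.1.53.53: 4242+ A? www.example.com. (33)
12:00:01.200001 00:11:22:33:44:56 > 66:77:88:99:aa:bb, ethertype 802.1Q (0x8100), length 82: vlan 20, p 0, ethertype IPv4, 10.20.0.58.40000 > 10.1.1.53.53: 1111+ A? www.example.com. (33)
12:00:01.300001 00:11:22:33:44:57 > 66:77:88:99:aa:bb, ethertype 802.1Q (0x8100), length 82: vlan 10, p 0, ethertype IPv4, 10.10.0.5.33333 > 10.1.1.53.53: 2222+ A? ntp.example.com. (33)
12:00:01.400001 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype 802.1Q (0x8100), length 78: vlan 10, p 0, ethertype IPv4, 10.20.0.57.51600 > 10.1.1.80.80: Flags [S], seq 1, win 64240, length 0
12:00:02.000001 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype 802.1Q (0x8100), length 82: vlan 10, p 0, ethertype IPv4, 10.20.0.57.51515 > 10.1.1.53.53: 4243+ A? www.example.org. (33)
12:00:02.100001 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 20, p 0, ethertype ARP, Request who-has 10.20.0.1 tell 10.20.0.57, length 46
"""

# VLAN tag, then "src.sport > dst.dport:" for IPv4 packets.
LINE_RE = re.compile(
    r"vlan (?P<vlan>\d+),.*?"
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)


def guest_dns_on_mgmt(capture_text):
    """Count, per client, guest DNS queries that were seen on the management VLAN."""
    hits = Counter()
    for line in capture_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a tagged IPv4 packet with ports (e.g. ARP)
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if (int(m["vlan"]) == MGMT_VLAN and int(m["dport"]) == 53
                and dst == DNS_SERVER and src in GUEST_NET):
            hits[str(src)] += 1
    return dict(hits)


if __name__ == "__main__":
    for client, count in guest_dns_on_mgmt(SAMPLE).items():
        print(f"{client}: {count} DNS queries on management VLAN {MGMT_VLAN}")
```

Any client reported here depends on the management VLAN's path to the DNS server, so firewall rules and routes on that path must permit the traffic until the controller is upgraded.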
The upgrade can be done through the Graphical User Interface (GUI) or the Command Line Interface (CLI), as shown:
transfer download serverip <server-ip-address>
transfer download filename <image-file-name>
transfer download datatype code
transfer download path /
transfer download start
This issue was first found in version 3.1(59.24) and was first fixed in version 4.0(155).
Bug Details
4400 Web Auth DNS queries are being sent from the mgmt interface - CSCsc68105
Description
Before authentication, a web auth client's DNS queries go out over the management port on the 4400, instead of going out over the client's dynamic interface.
Workaround: ensure that the DNS server is reachable from the management interface.
Known Fixed Releases:
4.0(155.0)
3.2(116.21)